PT-2026-37620 · Linux · Linux Kernel

Matthew Auld · Published 2026-05-06 · Updated 2026-05-06 · CVE-2026-43280

CVSS v3.1: 7.1 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)

Description: An out-of-bounds kernel read can occur in the drm/xe component when a user provides an invalid pat_index value through the madvise IOCTL. This happens because the madvise_args_are_sane() function calls xe_pat_index_get_coh_mode() without verifying that the pat_index is within the valid range of the xe->pat.table array. While debug builds include a warning, production kernels still perform the unsafe array access.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
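
The missing range check from the description, as an added example in C: this is a simplified user-space model, not the kernel's code and not the upstream patch. The struct layout, table values, the DEBUG_BUILD macro, the function names and the rule that coh_mode 0 is rejected are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified user-space model; layout and values are constructed. */
struct pat_entry { uint16_t coh_mode; };
struct pat_state { const struct pat_entry *table; uint32_t n_entries; };

static const struct pat_entry sample_table[] = { {1}, {2}, {2}, {0} };
static const struct pat_state sample_pat = { sample_table, 4 };

/* Models the lookup helper: the range check exists only in debug builds,
 * and even there it only warns before indexing the table anyway. */
uint16_t get_coh_mode(const struct pat_state *pat, uint32_t pat_index)
{
#ifdef DEBUG_BUILD  /* hypothetical macro standing in for a debug kernel */
    if (pat_index >= pat->n_entries)
        fprintf(stderr, "warning: pat_index %u out of range\n", (unsigned)pat_index);
#endif
    return pat->table[pat_index].coh_mode;
}

/* Before: validation trusts the user-supplied index, so any value
 * >= n_entries reads past the table. Call only with valid indices. */
bool args_are_sane_unchecked(const struct pat_state *pat, uint32_t pat_index)
{
    return get_coh_mode(pat, pat_index) != 0;  /* 0 rejected: assumption */
}

/* After: reject the index before any table access happens. */
bool args_are_sane_checked(const struct pat_state *pat, uint32_t pat_index)
{
    if (pat_index >= pat->n_entries)
        return false;
    return get_coh_mode(pat, pat_index) != 0;
}

int main(void)
{
    const uint32_t inputs[] = { 0, 3, 4, 0xffffffffu };  /* constructed inputs */
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("pat_index=%u -> %s\n", (unsigned)inputs[i],
               args_are_sane_checked(&sample_pat, inputs[i]) ? "accepted" : "rejected");
    return 0;
}
```

The check belongs in the validation path that first sees the user value, so it holds in every build configuration rather than depending on a debug-only warning.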

Out of bounds Read

Weakness Enumeration

Related Identifiers

CVE-2026-43280

Affected Products

Linux Kernel